diff --git a/seed/apache/dictionaries/20_web.xml b/seed/apache/dictionaries/20_web.xml index afd56df9..f995d8be 100644 --- a/seed/apache/dictionaries/20_web.xml +++ b/seed/apache/dictionaries/20_web.xml @@ -2,9 +2,9 @@ - /etc/httpd/conf/httpd.conf - /etc/httpd/conf.d/risotto.conf - /etc/httpd/conf.d/ssl.conf + /etc/httpd/conf/httpd.conf + /etc/httpd/conf.d/risotto.conf + /etc/httpd/conf.d/ssl.conf /sysusers.d/httpd.conf /tmpfiles.d/0httpd.conf diff --git a/seed/apache/templates/risotto.conf b/seed/apache/templates/risotto.conf index 3ee7bebd..d1aba917 100644 --- a/seed/apache/templates/risotto.conf +++ b/seed/apache/templates/risotto.conf @@ -1,15 +1,15 @@ # Timeout -Timeout %%apache_timeout +Timeout {{ general.apache.apache_timeout }} # Keepalive -%if %%apache_keepalive +{% if general.apache.apache_keepalive %} KeepAlive On -%else +{% else %} KeepAlive Off -%end if +{% endif %} MaxKeepAliveRequests 50 -KeepAliveTimeout %%apache_timeout +KeepAliveTimeout {{ general.apache.apache_timeout }} # RemoteIp RemoteIPHeader X-Forwarded-For -RemoteIPInternalProxy %%revprox_client_server_ip +RemoteIPInternalProxy {{ general.revprox.revprox_client_server_ip }} diff --git a/seed/apache/templates/ssl.conf b/seed/apache/templates/ssl.conf index d2ee87c5..3d825ee6 100644 --- a/seed/apache/templates/ssl.conf +++ b/seed/apache/templates/ssl.conf @@ -100,7 +100,7 @@ SSLProxyCipherSuite PROFILE=SYSTEM # require an ECC certificate which can also be configured in # parallel. # GNUNUX SSLCertificateFile /etc/pki/tls/certs/localhost.crt -SSLCertificateFile %%tls_cert_directory/revprox.crt +SSLCertificateFile {{ general.tls_cert_directory }}/revprox.crt # Server Private Key: # If the key is not combined with the certificate, use this 
@@ -109,7 +109,7 @@ SSLCertificateFile %%tls_cert_directory/revprox.crt # both in parallel (to also allow the use of DSA ciphers, etc.) # ECC keys, when in use, can also be configured in parallel # GNUNUX SSLCertificateKeyFile /etc/pki/tls/private/localhost.key -SSLCertificateKeyFile %%tls_key_directory/revprox.key +SSLCertificateKeyFile {{ general.tls_key_directory }}/revprox.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the @@ -126,7 +126,7 @@ SSLCertificateKeyFile %%tls_key_directory/revprox.key # huge file containing all of them (file must be PEM encoded) #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt #>GNUNUX -SSLCACertificateFile %%tls_ca_directory/InternalReverseProxy.crt +SSLCACertificateFile {{ general.tls_ca_directory }}/InternalReverseProxy.crt # - /etc/dnssec-trust-anchors.d/local.negative + /etc/dnssec-trust-anchors.d/local.negative diff --git a/seed/base-debian-bullseye/templates/local.negative b/seed/base-debian-bullseye/templates/local.negative index f571c676..50577106 100644 --- a/seed/base-debian-bullseye/templates/local.negative +++ b/seed/base-debian-bullseye/templates/local.negative @@ -1,2 +1,2 @@ -%set %%domain=%%domain_name_eth0.split('.', 1)[1] -%%domain +{% set domain = domain_name_eth0.split('.', 1)[1] %} +{{ domain }} diff --git a/seed/base-debian/dictionaries/11_debian-base.xml b/seed/base-debian/dictionaries/11_debian-base.xml index 90a8ecff..d664df6b 100644 --- a/seed/base-debian/dictionaries/11_debian-base.xml +++ b/seed/base-debian/dictionaries/11_debian-base.xml @@ -2,7 +2,7 @@ - + diff --git a/seed/base-debian/dictionaries/17_debian-base.xml b/seed/base-debian/dictionaries/17_debian-base.xml index d3a0e363..b1754b8f 100644 --- a/seed/base-debian/dictionaries/17_debian-base.xml +++ b/seed/base-debian/dictionaries/17_debian-base.xml @@ -1,7 +1,7 @@ - + + - + all diff --git a/seed/dovecot/templates/10-master.conf b/seed/dovecot/templates/10-master.conf index 848ecf30..178041a6 100644 
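Review bot: In the local.negative hunk, `{% set domain = domain_name_eth0.split('.', 1)[1] %}` reads `domain_name_eth0` as a bare name, whereas the app.ini hunk of this same commit reaches the same variable as `general.network.interface_0.domain_name_eth0`; if the render context only exposes the namespaced form, Jinja2 will fail on `.split` of an undefined value (or emit an empty line, depending on the configured Undefined class). The `[1]` index also raises when the host name contains no dot — the removed Cheetah line had the same shape, so that part is inherited rather than introduced here. If the namespaced path is the intended one, `{% set domain = general.network.interface_0.domain_name_eth0.split('.', 1)[1] %}` keeps this template consistent with the rest of the commit.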
--- a/seed/dovecot/templates/10-master.conf +++ b/seed/dovecot/templates/10-master.conf @@ -73,7 +73,7 @@ service lmtp { #} #>GNUNUX inet_listener lmtp { - address = %%ip_eth0 + address = {{ general.smtp.smtp_client_ip }} port = 8024 } #GNUNUX -ssl_cert = - service_count = 1 - - # Number of processes to always keep waiting for more connections. - process_min_avail = 0 - - # If you set service_count=0, you probably need to grow this. - vsz_limit = 64M -} diff --git a/seed/dovecot/templates/config-v1.1.xml b/seed/dovecot/templates/config-v1.1.xml index 305ee0eb..f45092d7 100644 --- a/seed/dovecot/templates/config-v1.1.xml +++ b/seed/dovecot/templates/config-v1.1.xml @@ -1,23 +1,23 @@ # GNUNUX: from https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat --> -%set %%domain = %%rougail_variable -%set %%leader = %%mail_domains[%%mail_domains.index(%%domain)] -%set %%imap_domain = %%leader.imap_domainname -%set %%submission_domain = %%leader.submission_domainname +{%set domain = rougail_variable %} +{%set leader = general.mail.domain.mail_domains[mail_domains.index(domain)] %} +{%set imap_domain = leader.imap_domainname %} +{%set submission_domain = leader.submission_domainname %} - - %%domain - Services %%domain - %%domain + + {{ domain }} + Services {{ domain }} + {{ domain }} - %%imap_domain + {{ imap_domain }} 993 SSL %EMAILADDRESS% password-cleartext - %%submission_domain + {{ submission_domain }} 587 STARTTLS %EMAILADDRESS% diff --git a/seed/dovecot/templates/dovecot-ldap.conf.ext b/seed/dovecot/templates/dovecot-ldap.conf.ext index 0d497c91..c6c2589b 100644 --- a/seed/dovecot/templates/dovecot-ldap.conf.ext +++ b/seed/dovecot/templates/dovecot-ldap.conf.ext 
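Review bot: In the config-v1.1.xml hunk, `{%set leader = general.mail.domain.mail_domains[mail_domains.index(domain)] %}` indexes the namespaced list with the bare name `mail_domains`; unless the context also exposes `mail_domains` at top level, `.index()` is called on an undefined value and the render fails. `{% set leader = general.mail.domain.mail_domains[general.mail.domain.mail_domains.index(domain)] %}` keeps both references on the same object. The four `{%set` tags in this hunk also lack the space after `{%` that every other `{% set` in the commit uses; harmless to Jinja2, but worth aligning.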
@@ -24,7 +24,7 @@ # setting isn't supported by all LDAP libraries. #uris = #>GNUNUX -uris = ldaps://%%ldap_server_address +uris = ldaps://{{ general.ldap.server.ldap_server_address }} #GNUNUX -dn = %%ldapclient_user -dnpass = %%ldapclient_user_password +dn = {{ general.ldap.client.ldapclient_user }} +dnpass = {{ general.ldap.client.ldapclient_user_password }} #GNUNUX -tls_cert_file = %%tls_cert_directory/ldap_client.crt -tls_key_file = %%tls_key_directory/ldap_client.key -tls_ca_cert_file = %%tls_ca_directory/LDAP.crt +tls_cert_file = {{ general.tls_cert_directory }}/ldap_client.crt +tls_key_file = {{ general.tls_key_directory }}/ldap_client.key +tls_ca_cert_file = {{ general.tls_ca_directory }}/LDAP.crt tls_require_cert = hard #>GNUNUX @@ -107,7 +107,7 @@ auth_bind = yes # LDAP base. %variables can be used here. # For example: dc=mail, dc=example, dc=org # GNUNUX base = -base = %%ldapclient_search_dn +base = {{ general.ldap.client.ldapclient_search_dn }} # Dereference: never, searching, finding, always #deref = never diff --git a/seed/dovecot/templates/dovecot-oauth2.conf.ext b/seed/dovecot/templates/dovecot-oauth2.conf.ext index a445d536..5fcdd48a 100644 --- a/seed/dovecot/templates/dovecot-oauth2.conf.ext +++ b/seed/dovecot/templates/dovecot-oauth2.conf.ext 
@@ -4,7 +4,7 @@ ## url for verifying token validity. Token is appended to the URL # tokeninfo_url = http://endpoint/oauth/tokeninfo?access_token= #>GNUNUX -tokeninfo_url = https://%%oauth2_client_server_domainname/oauth2/userinfo/?access_token= +tokeninfo_url = https://{{ general.oauth2_client.oauth2_client_server_domainname }}/oauth2/userinfo/?access_token= #GNUNUX -introspection_url = https://%%oauth2_client_server_domainname/oauth2/introspect/ +introspection_url = https://{{ general.oauth2_client.oauth2_client_server_domainname }}/oauth2/introspect/ introspection_mode = post force_introspection = no #GNUNUX -openid_configuration_url = https://%%oauth2_client_server_domainname/.well-known/openid-configuration +openid_configuration_url = https://{{ general.oauth2_client.oauth2_client_server_domainname }}/.well-known/openid-configuration #GNUNUX -client_id = %%oauth2_client_id -client_secret = %%oauth2_client_secret +client_id = {{ general.oauth2_client.oauth2_client_id }} +client_secret = {{ general.oauth2_client.oauth2_client_secret }} #GNUNUX -relayhost = %%smtp_relay_address +relayhost = {{ general.smtp.smtp_relay_address }} smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/relay_passwd smtp_sasl_security_options = noanonymous 
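Review bot: The rewritten `tokeninfo_url` line still carries the bearer token as a URL query parameter (`?access_token=`), and with `force_introspection = no` a few lines below that is the endpoint Dovecot consults first; the token will therefore appear wherever the userinfo endpoint logs request URLs. Whether the provider can validate the token via the POST introspection endpoint alone cannot be seen here, but if it returns the fields Dovecot needs, `force_introspection = yes` would keep the token out of query strings. This is inherited from the Cheetah version, not introduced by the conversion, so it may be better tracked separately than fixed in this commit.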
@@ -742,15 +742,15 @@ readme_directory = /usr/share/doc/postfix/README_FILES # in PEM format. Intermediate certificates should be included in general, # the server certificate first, then the issuing CA(s) (bottom-up order). # -smtpd_tls_cert_file = %%tls_cert_directory/postfix.crt +smtpd_tls_cert_file = {{ general.tls_cert_directory }}/postfix.crt # The full pathname of a file with the Postfix SMTP server RSA private key # in PEM format. The private key must be accessible without a pass-phrase, # i.e. it must not be encrypted. # -smtpd_tls_key_file = %%tls_key_directory/postfix.key +smtpd_tls_key_file = {{ general.tls_key_directory }}/postfix.key -smtpd_tls_CApath = %%tls_ca_directory +smtpd_tls_CApath = {{ general.tls_ca_directory }} #>GNUNUX tls_server_sni_maps = hash:/etc/postfix/sni # - + /sysusers.d/0forgejo.conf /tmpfiles.d/0forgejo.conf - /etc/forgejo/app.ini - /tests/forgejo.yml + /etc/forgejo/app.ini + /tests/forgejo.yml diff --git a/seed/forgejo/templates/app.ini b/seed/forgejo/templates/app.ini index acd94260..0cc7e43a 100644 --- a/seed/forgejo/templates/app.ini +++ b/seed/forgejo/templates/app.ini @@ -1,7 +1,4 @@ #RISOTTO: https://codeberg.org/forgejo/forgejo/raw/branch/forgejo/custom/conf/app.example.ini -%compiler-settings -commentStartToken = ; -%end compiler-settings ; This file lists the default values used by Gitea ;; Copy required sections to your own app.ini (default is custom/conf/app.ini) ;; and modify as needed. 
@@ -50,7 +47,7 @@ commentStartToken = ; ;; App name that shows in every page title ;>GNUNUX ;APP_NAME = ; Gitea: Git with a cup of tea -APP_NAME = %%forgejo_title +APP_NAME = {{ general.forgejo.forgejo_title }} ;GNUNUX -DOMAIN = %%revprox_client_external_domainnames[0] +DOMAIN = {{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }} ;GNUNUX -ROOT_URL = https://%%revprox_client_external_domainnames[0]%%revprox_client_external_domainnames[0]revprox_client_location +ROOT_URL = https://{{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }}{{ general.revprox.revprox_client.revprox_client_external_domainnames[0]['revprox_client_location'] }} ;GNUNUX -LOCAL_ROOT_URL = https://%%domain_name_eth0:3000/ +LOCAL_ROOT_URL = https://{{ general.network.interface_0.domain_name_eth0 }}:3000/ ;GNUNUX -SSH_DOMAIN = %%revprox_client_external_domainnames[0] +SSH_DOMAIN = {{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }} ;GNUNUX -SSH_PORT = %%incoming_ports[0] +SSH_PORT = {{ general.network.incoming_ports[0] }} ;GNUNUX -SSH_LISTEN_PORT = %%incoming_ports[0] +SSH_LISTEN_PORT = {{ general.network.incoming_ports[0] }} ;GNUNUX -CERT_FILE = %%tls_cert_directory/revprox.crt -KEY_FILE = %%tls_key_directory/revprox.key +CERT_FILE = {{ general.tls_cert_directory }}/revprox.crt +KEY_FILE = {{ general.tls_key_directory }}/revprox.key ;GNUNUX ;LFS_JWT_SECRET = -LFS_JWT_SECRET = %%forgejo_lfs_jwt_secret +LFS_JWT_SECRET = {{ general.forgejo.forgejo_lfs_jwt_secret }} ;GNUNUX DB_TYPE = postgres -HOST = %%pg_client_server_domainname:5432 -NAME = %%pg_client_database -USER = %%pg_client_username -PASSWD = %%pg_client_password +HOST = {{ general.postgresql.pg_client_server_domainname }}:5432 +NAME = {{ general.postgresql.pg_client_database }} +USER = {{ general.postgresql.pg_client_username }} +PASSWD = {{ general.postgresql.pg_client_password }} SCHEMA = SSL_MODE = verify-full CHARSET = utf8 
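Review bot: The path `general.revprox.revprox_client.revprox_client_external_domainnames[0]` is spelled out five times across the DOMAIN, ROOT_URL and SSH_DOMAIN lines, which makes the ROOT_URL line hard to read and easy to get out of sync; the grafana-server template in this same commit already factors this into a `{% set location = ... %}` block. A single `{% set external = general.revprox.revprox_client.revprox_client_external_domainnames[0] %}` near the top of the file would reduce the ROOT_URL line to `ROOT_URL = https://{{ external }}{{ external.revprox_client_location }}`. Note that the grafana template strips a trailing `/` from `revprox_client_location` while this one does not; Gitea expects ROOT_URL to end with a slash, so the two templates presumably rely on the value ending in `/` — worth confirming once rather than per template. The `[server]` section header that these keys belong to is outside the hunk.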
@@ -492,7 +489,7 @@ INSTALL_LOCK = true ;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore. ;>GNUNUX ;SECRET_KEY = -SECRET_KEY = %%forgejo_secret_key +SECRET_KEY = {{ general.forgejo.forgejo_secret_key }} ;GNUNUX ;INTERNAL_TOKEN= -INTERNAL_TOKEN = %%forgejo_internal_token +INTERNAL_TOKEN = {{ general.forgejo.forgejo_internal_token }} ;GNUNUX -SMTP_ADDR = %%smtp_relay_address +SMTP_ADDR = {{ smtp_relay_address }} ;` format ;FROM = ;>GNUNUX -FROM = %%forgejo_mail_sender +FROM = {{ general.forgejo.forgejo_mail_sender }} ;` to send an empty address. 
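Review bot: `SMTP_ADDR = {{ smtp_relay_address }}` uses the bare variable name, while the postfix main.cf hunk and the mailer USER line of this same commit reference it as `general.smtp.smtp_relay_address`; with Jinja2's default Undefined the bare name renders as an empty string, so the mailer would silently end up with no SMTP address rather than failing at render time. `SMTP_ADDR = {{ general.smtp.smtp_relay_address }}` matches the other references. The `[mailer]` section header is outside the hunk lines shown.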
@@ -1802,13 +1799,13 @@ FROM = %%forgejo_mail_sender ;; Mailer user name and password, if required by provider. ;USER = ;>GNUNUX -USER = %%smtp_relay_user@%%ip_eth0 +USER = {{ general.smtp.smtp_relay_user }}@{{ general.smtp.smtp_client_ip }} ;GNUNUX -PASSWD = %%smtp_relay_password +PASSWD = {{ general.smtp.smtp_relay_password }} ;GNUNUX -HOST = network=tcp,addr=%%redis_client_server_domainname:6379,username=%%redis_client_username,password=%%redis_client_password,db=0,pool_size=100,idle_timeout=180 +HOST = network=tcp,addr={{ general.redis.redis_client_server_domainname }}:6379,username={{ general.redis.redis_client_username }},password={{ general.redis.redis_client_password }},db={{ general.redis.redis_client_index }},pool_size=100,idle_timeout=180 ;GNUNUX -PROVIDER_CONFIG = network=tcp,addr=%%redis_client_server_domainname:6379,password=%%redis_client_password,db=0,pool_size=100,idle_timeout=180 +PROVIDER_CONFIG = network=tcp,addr={{ general.redis.redis_client_server_domainname }}:6379,password={{ general.redis.redis_client_password }},db={{ general.redis.redis_client_index }},pool_size=100,idle_timeout=180 ; + + + + + /etc/grafana/grafana.ini + /etc/sysconfig/grafana-server + /tmpfiles.d/0grafana.conf + + + + + + + + + / + + + + 3000 + + + grafana + + + + + True + + + Grafana + + + Visualisation de données + + + Administration + + + silique_note.png + + + RS256 + + + + + + grafana + + + + + + domain_name_eth0 + admin + admin + cleartext + hide_secret + True + admin_password + + + + diff --git a/seed/grafana/manual/image/postinstall/grafana.sh b/seed/grafana/manual/image/postinstall/grafana.sh new file mode 100644 index 00000000..f78a34bc --- /dev/null +++ b/seed/grafana/manual/image/postinstall/grafana.sh 
@@ -0,0 +1,11 @@
+mkdir -p $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/grafana/plugins
+#echo """#!/bin/bash -xe
+#grafana-cli plugins install grafana-image-renderer
+#mkdir -p /usr/lib/grafana
+#mv /var/lib/grafana/plugins/ /usr/lib/grafana/
+#""" > $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh
+#chmod 755 $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/install.sh
+#mv $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf /tmp
+#echo "nameserver 9.9.9.9" > $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
+#chroot $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP /install.sh
+#mv -f /tmp/resolv.conf $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/etc/resolv.conf
diff --git a/seed/grafana/manual/image/preinstall/grafana.sh b/seed/grafana/manual/image/preinstall/grafana.sh
new file mode 100644
index 00000000..6e6c00f5
--- /dev/null
+++ b/seed/grafana/manual/image/preinstall/grafana.sh
@@ -0,0 +1 @@
+PKG="$PKG grafana"
diff --git a/seed/grafana/templates/grafana-server b/seed/grafana/templates/grafana-server
new file mode 100644
index 00000000..3aa9e108
--- /dev/null
+++ b/seed/grafana/templates/grafana-server
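Review bot: The only live line of the new postinstall script, `mkdir -p $IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP/usr/lib/grafana/plugins`, expands the image directory variable unquoted and without checking that it is set; if it is empty, the directory is created at `/usr/lib/grafana/plugins` on the build host instead of inside the image root. `mkdir -p "${IMAGE_NAME_RISOTTO_IMAGE_DIR_TMP:?}/usr/lib/grafana/plugins"` makes the script stop with an error in that case. The remaining ten lines are commented-out plugin-install steps; a one-line comment saying why they are kept (and that they would write a hard-coded `nameserver 9.9.9.9` into the image's resolv.conf if ever re-enabled) would help the next reader decide whether to delete them.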
@@ -0,0 +1,30 @@ +GRAFANA_USER=grafana + +GRAFANA_GROUP=grafana + +#>GNUNUX +#GRAFANA_HOME=/usr/share/grafana +GRAFANA_HOME=/srv/grafana/home +#GNUNUX +#DATA_DIR=/var/lib/grafana +DATA_DIR=/srv/grafana/var +#GNUNUX +plugins = /usr/lib/grafana/plugins +#GNUNUX +protocol = https +#GNUNUX +{% set location = general.revprox.revprox_client.revprox_client_external_domainnames[0].revprox_client_location %} +{% if location.endswith('/') %} +{% set location = location[:-1] %} +{% endif %} +root_url = https://{{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }}{{ location }} +#GNUNUX +cert_file = {{ tls_cert_directory }}/revprox.crt +cert_key = {{ tls_key_directory }}/revprox.key; +#GNUNUX +type = postgres +host = {{ general.postgresql.pg_client_server_domainname }}:5432 +name = {{ general.postgresql.pg_client_database }} +user = {{ general.postgresql.pg_client_username }} +password = {{ general.postgresql.pg_client_password }} +ssl_mode = verify-full +ca_cert_path = {{ general.tls_ca_directory }}/PostgreSQL.crt +client_key_path = {{ general.tls_key_directory }}/postgresql.key +client_cert_path = {{ general.tls_cert_directory }}/postgresql.crt +#GNUNUX +reporting_enabled = false +#GNUNUX +disable_initial_admin_creation = false +admin_user = admin +admin_password = {{ general.grafana.admin_password }} +#,
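Review bot: `cert_file = {{ tls_cert_directory }}/revprox.crt` and `cert_key = {{ tls_key_directory }}/revprox.key;` use the bare names, while three lines below the same template writes `{{ general.tls_ca_directory }}`, `{{ general.tls_key_directory }}` and `{{ general.tls_cert_directory }}`; with Jinja2's default Undefined the bare names render empty, giving `/revprox.crt` and `/revprox.key;` as the TLS paths. The trailing `;` on the cert_key line looks like a typo as well — depending on the ini parser it is either kept as part of the path or starts an inline comment. `cert_file = {{ general.tls_cert_directory }}/revprox.crt` and `cert_key = {{ general.tls_key_directory }}/revprox.key` match the rest of the file. This section appears garbled on the page: the hunk header declares 30 lines but more are shown, and keys such as `protocol`, `root_url` and `[database]`-style settings look like they belong to grafana.ini rather than the sysconfig file, so the hunk boundaries could not be confirmed from here.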